- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

 interface/web/tools/import_ispconfig.php

@@ -27,8 +27,8 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

//* Check permissions for module
$app->auth->check_module_permissions('admin');
@@ -45,10 +45,14 @@

//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_import_ispconfig.lng';
include($lng_file);
include $lng_file;
$app->tpl->setVar($wb);

if(isset($_POST['connected'])) {
	
   //* CSRF Check
   $app->auth->csrf_token_check();
	
   $connected = $app->functions->intval($_POST['connected']);
   if($connected == 0) {

@@ -60,11 +64,11 @@
      if($error == '') {
         try {
            $client = new SoapClient(null, array('location' => $_POST['remote_server'],
                                     'uri'      => $_POST['remote_server'].'/index.php',
                            'trace' => 1,
                            'exceptions' => 1));
				
            if($remote_session_id = $client->login($_POST['remote_user'],$_POST['remote_password'])) {
                  'uri'      => $_POST['remote_server'].'/index.php',
                  'trace' => 1,
                  'exceptions' => 1));

            if($remote_session_id = $client->login($_POST['remote_user'], $_POST['remote_password'])) {
               $connected = 1;
               $msg .= 'Successfully connected to remote server.';
            }
@@ -75,9 +79,9 @@
         }
      }
   }
	

   if($connected == 1) {
		

      //* Fill the client select field
      $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
      $clients = $app->db->queryAllRecords($sql);
@@ -88,87 +92,92 @@
            $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
         }
      }
      $app->tpl->setVar("client_group_id",$client_select);
		
		
      $app->tpl->setVar("client_group_id", $client_select);


      try {
         $client = new SoapClient(null, array('location' => $_POST['remote_server'],
                                'uri'      => $_POST['remote_server'].'/index.php',
                        'trace' => 1,
                        'exceptions' => 1));
		
      if(!isset($remote_session_id)) $remote_session_id = $_POST['remote_session_id'];
		
      //* Get all email domains
      $mail_domains = $client->mail_domain_get($remote_session_id, array('active' => 'y'));
      $mail_domain_select = '<option value="">-- select domain --</option>';
      if(is_array($mail_domains)) {
         foreach( $mail_domains as $mail_domain) {
            $selected = @($mail_domain['domain'] == $_POST['mail_domain'])?'SELECTED':'';
            $mail_domain_select .= "<option value='$mail_domain[domain]' $selected>$mail_domain[domain]</option>\r\n";
               'uri'      => $_POST['remote_server'].'/index.php',
               'trace' => 1,
               'exceptions' => 1));

         if(!isset($remote_session_id)) $remote_session_id = $_POST['remote_session_id'];

         //* Get all email domains
         $mail_domains = $client->mail_domain_get($remote_session_id, array('active' => 'y'));
         $mail_domain_select = '<option value="">-- select domain --</option>';
         if(is_array($mail_domains)) {
            foreach( $mail_domains as $mail_domain) {
               $selected = @($mail_domain['domain'] == $_POST['mail_domain'])?'SELECTED':'';
               $mail_domain_select .= "<option value='$mail_domain[domain]' $selected>$mail_domain[domain]</option>\r\n";
            }
         }
      }
      $app->tpl->setVar("mail_domain",$mail_domain_select);
		
      //* Do the import
      if($_POST['mail_domain'] != '') start_domain_import($_POST['mail_domain']);
		
		
		
         $app->tpl->setVar("mail_domain", $mail_domain_select);

         //* Do the import
         if($_POST['mail_domain'] != '') start_domain_import($_POST['mail_domain']);



      } catch (SoapFault $e) {
         //echo $client->__getLastResponse();
         $error .= $e->getMessage();
         $connected = 0;
      }
		

   }
	

}

$app->tpl->setVar('remote_server',$_POST['remote_server']);
$app->tpl->setVar('remote_user',$_POST['remote_user']);
$app->tpl->setVar('remote_password',$_POST['remote_password']);
$app->tpl->setVar('connected',$connected);
$app->tpl->setVar('remote_session_id',$remote_session_id);
$app->tpl->setVar('msg',$msg);
$app->tpl->setVar('error',$error);
$app->tpl->setVar('remote_server', $_POST['remote_server']);
$app->tpl->setVar('remote_user', $_POST['remote_user']);
$app->tpl->setVar('remote_password', $_POST['remote_password']);
$app->tpl->setVar('connected', $connected);
$app->tpl->setVar('remote_session_id', $remote_session_id);
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);

//* SET csrf token
$csrf_token = $app->auth->csrf_token_get('ispconfig_import');
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);

$app->tpl_defaults();
$app->tpl->pparse();

###########################################################
//##########################################################

function start_domain_import($mail_domain) {
   global $app, $conf, $client, $msg, $error, $remote_session_id;
	

   //* Get the user and groupid for the new records
   $sys_groupid = $app->functions->intval($_POST['client_group_id']);
   $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
   $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
   $sys_userid = $app->functions->intval($tmp['userid']);
   unset($tmp);
   if($sys_groupid == 0) $error .= 'Inavlid groupid<br />';
   if($sys_userid == 0) $error .= 'Inavlid Userid<br />';
	

   //* Get the mail server ID
   $tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE mail_server = 1 LIMIT 0,1");
   $tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE mail_server = 1 and mirror_server_id = 0 LIMIT 0,1");
   $server_id = intval($tmp['server_id']);
   unset($tmp);
   if($server_id == 0) $server_id = 1;
	

   //* get the mail domain record
   $mail_domain_rec = $client->mail_domain_get($remote_session_id, array('domain' => $mail_domain));
   if(is_array($mail_domain_rec)) {
      $mail_domain_rec = $mail_domain_rec[0];
      $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '".$app->db->quote($mail_domain)."'");
      $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $mail_domain);
      if($tmp['number'] > 0) $error .= 'Domain '.$mail_domain.' exists already in local database.<br />';
      unset($tmp);
		

      //* Change the record owner and remove the index field
      $mail_domain_rec['sys_userid'] = $sys_userid;
      $mail_domain_rec['sys_groupid'] = $sys_groupid;
      $mail_domain_rec['server_id'] = $server_id;
      unset($mail_domain_rec['domain_id']);
		

      //* Insert domain if no error occurred
      if($error == '') {
         $app->db->datalogInsert('mail_domain', $mail_domain_rec, 'domain_id');
@@ -176,15 +185,15 @@
      } else {
         return false;
      }
		

      //* Import mailboxes
      if(isset($_POST['import_mailbox']) && $_POST['import_mailbox'] == 1) {
         $mail_users = $client->mail_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
         if(is_array($mail_users)) {
            foreach($mail_users as $mail_user) {
               $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($mail_user['email'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $mail_user['email']);
               if($tmp['number'] == 0) {
						

                  //* Prepare record
                  $mail_user['sys_userid'] = $sys_userid;
                  $mail_user['sys_groupid'] = $sys_groupid;
@@ -192,16 +201,16 @@
                  $remote_mailuser_id = $mail_user['mailuser_id'];
                  unset($mail_user['mailuser_id']);
                  if(!isset($_POST['import_user_filter'])) $mail_user['custom_mailfilter'] = '';
						

                  //* Insert record in DB
                  $local_mailuser_id = $app->db->datalogInsert('mail_user', $mail_user, 'mailuser_id');
                  $msg .= "Imported mailbox ".$mail_user['email']."<br />";
						

                  //* Import mail user filters
                  if(isset($_POST['import_user_filter']) && $_POST['import_user_filter'] == 1 && $local_mailuser_id > 0) {
							

                     $mail_user_filters = $client->mail_user_filter_get($remote_session_id, array('mailuser_id' => $remote_mailuser_id));
							

                     if(is_array($mail_user_filters)) {
                        foreach($mail_user_filters as $mail_user_filter) {
                           $mail_user_filter['sys_userid'] = $sys_userid;
@@ -209,7 +218,7 @@
                           $mail_user_filter['mailuser_id'] = $local_mailuser_id;
                           $mail_user_filter['server_id'] = $server_id;
                           unset($mail_user_filter['filter_id']);
									

                           //* Insert record in DB
                           $app->db->datalogInsert('mail_user_filter', $mail_user_filter, 'filter_id');
                           $msg .= "Imported mailbox filter ".$mail_user['email'].": ".$mail_user_filter['rulename']."<br />";
@@ -219,17 +228,17 @@
               } else {
                  $error .= "Mailbox ".$mail_user['email']." exists in local database. Skipped import of mailbox<br />";
               }
					

            }
         }
      }
		

      //* Import email aliases
      if(isset($_POST['import_alias']) && $_POST['import_alias'] == 1) {
         $mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'alias', 'destination' => '%@'.$mail_domain));
         if(is_array($mail_aliases)) {
            foreach($mail_aliases as $mail_alias) {
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
               if($tmp['number'] == 0) {
                  $mail_alias['sys_userid'] = $sys_userid;
                  $mail_alias['sys_groupid'] = $sys_groupid;
@@ -240,17 +249,17 @@
               } else {
                  $error .= "Email alias ".$mail_alias['source']." exists in local database. Skipped import.<br />";
               }
					

            }
         }
      }
		

      //* Import domain aliases
      if(isset($_POST['import_aliasdomain']) && $_POST['import_aliasdomain'] == 1) {
         $mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'aliasdomain', 'destination' => '@'.$mail_domain));
         if(is_array($mail_aliases)) {
            foreach($mail_aliases as $mail_alias) {
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
               if($tmp['number'] == 0) {
                  $mail_alias['sys_userid'] = $sys_userid;
                  $mail_alias['sys_groupid'] = $sys_groupid;
@@ -261,17 +270,17 @@
               } else {
                  $error .= "Email aliasdomain ".$mail_alias['source']." exists in local database. Skipped import.<br />";
               }
					

            }
         }
      }
		

      //* Import email forward
      if(isset($_POST['import_forward']) && $_POST['import_forward'] == 1) {
         $mail_forwards = $client->mail_forward_get($remote_session_id, array('type' => 'forward', 'source' => '%@'.$mail_domain));
         if(is_array($mail_forwards)) {
            foreach($mail_forwards as $mail_forward) {
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = '".$app->db->quote($mail_forward['source'])."' AND destination = '".$app->db->quote($mail_forward['destination'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = ? AND destination = ?", $mail_forward['source'], $mail_forward['destination']);
               if($tmp['number'] == 0) {
                  $mail_forward['sys_userid'] = $sys_userid;
                  $mail_forward['sys_groupid'] = $sys_groupid;
@@ -282,17 +291,17 @@
               } else {
                  $error .= "Email forward ".$mail_forward['source']." exists in local database. Skipped import.<br />";
               }
					

            }
         }
      }
		

      //* Import spamfilter
      if(isset($_POST['import_spamfilter']) && $_POST['import_spamfilter'] == 1) {
         $mail_spamfilters = $client->mail_spamfilter_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
         if(is_array($mail_spamfilters)) {
            foreach($mail_spamfilters as $mail_spamfilter) {
               $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = '".$app->db->quote($mail_spamfilter['email'])."'");
               $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = ?", $mail_spamfilter['email']);
               if($tmp['number'] == 0) {
                  $mail_spamfilter['sys_userid'] = $sys_userid;
                  $mail_spamfilter['sys_groupid'] = $sys_groupid;
@@ -303,14 +312,14 @@
               } else {
                  $error .= "Spamfilter user ".$mail_spamfilter['email']." exists in local database. Skipped import.<br />";
               }
					

            }
         }
      }

   }
	

}


?>
?>